Touchscreen-based devices such as smartphones and tablets are gaining popularity,
but their rich input capabilities pose new development and testing complications.
To alleviate this problem, we present an approach and tool named RERAN that permits
record-and-replay for the Android smartphone platform. Existing GUI-level
record-and-replay approaches are inadequate due to the expressiveness of the smartphone
domain, in which applications support sophisticated GUI gestures, depend on inputs
from a variety of sensors on the device, and have precise timing requirements among
the various input events. We address these challenges by directly capturing the
low-level event stream on the phone, which includes both GUI events and sensor events,
and replaying it with microsecond accuracy. Moreover, RERAN does not require access
to app source code, perform any app rewriting, or perform any modifications to the
virtual machine or Android platform. We demonstrate RERAN’s applicability in a
variety of scenarios, including (a) replaying 86 out of the Top-100 Android apps on
Google Play; (b) reproducing bugs in popular apps, e.g., Firefox, Facebook,
Quickoffice; and (c) fast-forwarding executions. We believe that our versatile
approach can help both Android developers and researchers.

Android uses a system of permissions to control how apps access sensitive
devices and data stores. Unfortunately, we have little understanding of the
evolution of Android permissions since their inception (2008). Is the
permission model allowing the Android platform and apps to become more secure?
In this paper, we present arguably the first longterm study that is centered
around both permission evolution and usage, of the entire Android ecosystem
(platform, third-party apps, and pre-installed apps). First, we study the
Android platform to see how the set of permissions has evolved; we find that
this set tends to grow, and the growth is not aimed towards providing finer-grained
permissions but rather towards offering access to new hardware features; a
particular concern is that the set of Dangerous permissions is increasing.
Second, we study Android third-party and pre-installed apps to examine whether
they follow the principle of least privilege. We find that this is not the case,
as an increasing percentage of the popular apps we study are overprivileged. In
addition, the apps tend to use more permissions over time. Third, we highlight
some concerns with pre-installed apps, e.g., apps that vendors distribute with
the phone; these apps have access to, and use, a larger set of higher-privileged
permissions which pose security and privacy risks. At the risk of oversimplification,
we state that the Android ecosystem is not becoming more secure from the user’s
point of view. Our study derives four recommendations for improving the Android
security and suggests the need to revisit the practices and policies of the ecosystem.

The Android platform lacks tools for assessing and monitoring apps in a systematic way. This lack of tools is particularly
problematic when combined with the open nature of Google Play, the main app distribution channel. As our key contribution,
we design and implement ProfileDroid, a comprehensive, multi-layer system for monitoring and profiling apps. Our approach
is arguably the first to profile apps at four layers: (a) static, or app specification, (b) user interaction, (c) operating
system, and (d) network. We evaluate 27 free and paid Android apps and make several observations: (a) we identify
discrepancies between the app specification and app execution, (b) free versions of apps could end up costing more than
their paid counterparts, due to an order of magnitude increase in traffic, (c) most network traffic is not encrypted,
(d) apps communicate with many more sources than users might expect---as many as 13, and (e) we find that 22 out of 27
apps communicate with Google during execution. ProfileDroid is the first step towards a systematic approach for (a)
generating cost-effective but comprehensive app profiles, and (b) identifying inconsistencies and surprising behaviors.

Malicious Android Applications in the Enterprise: What Do They Do and How Do We Fix It?
Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, and Michalis Faloutsos.
ICDE Workshop on Secure Data Management on Smartphones and Mobiles (SDMSM 2012), April 2012.Abstract
·
PDF
·
More

Android applications are used in a variety of domains, including business, social, media, health, scientific, and
even military. On one hand, enterprises can take advantage of the richness of Android applications to support their
business needs. On the other hand, Android devices contain rich sensitive data—e.g., GPS location, photos, calendar,
contacts, email, and files—which is critical to the enterprise and unauthorized access to this sensitive data can
lead to serious security risks. In this paper, we describe the nature and sources of sensitive data, what malicious
applications can do to the data, and possible enterprise solutions to secure the data and mitigate the security risks.
The purpose of this paper is to raise employees’ and enterprises’ awareness and show that a suite of easy-to-implement
measures can improve both employee and enterprise security.

Past Technical Reports

Smartphones are becoming pervasive–2010 sales have jumped 55% compared to 2009, and IDC estimates that 269 million
units will be sold worldwide in 2010. Smartphone applications (apps) offer a wide range of financial, social, health,
scientific, and even military capabilities on the go. However, mobile access to GPS location, camera, Internet, calendar,
contacts, and other sensitive information can lead to inadvertent security risks, and this problem is exacerbated by
the rapid evolution of smartphone hardware and software platforms. Today, smartphone application developers are largely
on their own to ensure that they access sensitive resources safely and that they do not inadvertently allow access by
untrusted third parties. Malicious Android apps masquerade as legitimate applications, but use the phone for nefarious
e.g., for financial gains. These malicious apps are able to take advantage of the rapid evolution and developer freedom of
the Android market to exploit applications to gather security-sensitive data, enlist the phone into premium services, and
more. To effectively thwart malicious apps, their behavior must be further studied and dissected to understand exactly what
the specific exploits are, what they do, and what reoccurring patterns and structures these malicious applications use. In
this paper we perform such a study, that provides a characterization of the behavior of 12 malicious apps. This study is
a step towards recognizing and mitigating the threat posed by malicious Android apps.